A computer application distributor wishes to distribute such computer application to each of many users or recipients in exchange for a license fee or some other consideration. However, such distributor typically also wishes to restrict what each user or recipient can do with such distributed computer application. For example, the distributor would like to restrict the user from copying and re-distributing such application to a second user, at least in a manner that denies the distributor a license fee from such second user. Similarly, the distributor may wish to prevent the user from employing the application to perform more than a set number of a certain task.
In addition, the distributor may wish to provide the user with the flexibility to purchase different types of use licenses at different license fees, while at the same time holding the user to the terms of whatever type of license is in fact purchased. For example, the distributor may wish to allow the application to be executed only a limited number of times, only for a certain total time, only on a certain type of machine, only on a certain type of rendering platform, only by a certain type of user, etc. Likewise, the distributor may wish to allow one user to pay a smaller license fee and access a smaller set of application functions and also to allow another user to pay a larger license fee and access a larger set of application functions, and the like.
However, after distribution has occurred, such distributor has very little if any control over the distributed application. This is especially problematic in view of the fact that the application may be copied and re-distributed to most any personal computer, presuming that the application is not otherwise protected in some manner from such copying and re-distribution. As should be appreciated, most any such personal computer includes the software and hardware necessary to make an exact digital copy of such application, and to download such exact digital copy to a write-able magnetic or optical disk, or to send such exact digital copy over a network such as the Internet to any destination.
Of course, as part of a transaction wherein the application is distributed, the distributor may require the user/recipient of the application to promise not to re-distribute such application in an unwelcome manner, and to not perform other prohibited acts. However, such a promise is easily made and easily broken. A distributor may therefore attempt to prevent such prohibited acts through any of several known security measures.
One security measure that is employed to prevent improper re-distribution of an application is product activation. In such product activation, a customer acquiring a software application is provided with a product activation key corresponding thereto, which is a unique serial number and product identifier that acts as a proof of purchase or the like. The provided product key is then entered during installation of the application on a particular computer device to act as a proffer that the application was acquired legally and/or otherwise properly. The product activation key need not be and typically is not cryptographic in nature, although a digital signature (which is cryptographic in nature) may be included to act as a guarantee that the product key is genuine.
The entered product key and an ID representative of the computer device are then sent to a product activation service as part of the installation process. As may be appreciated, the product activation service determines whether the entered product key is valid, whether the product key has been employed before, and if so in connection with what computer device. Typically, each product key enables an installation or re-installation of the application on a single computing device, as is set forth in a corresponding license agreement, although a product key may also enable a set number of installations/re-installations on multiple computer devices also.
Accordingly, if the product activation service determines that the entered product key has already been employed to install the application on another computer device (or has been employed a maximum number of times, for example), such activation service will not allow the installation of the application on the computer device to proceed, will not allow a complete installation of the application on the computer device, will not allow the installed application to be used on the computer device, or the like, as the case maybe. Thus, activation as used herein may entail permission to install the application, permission to perform some level of installation of the application, permission to completely install the application, some level of permission to use the application, complete permission to use the application, or the like.
If the activation service declines to activate the application for the customer based on an entered product key already being used in connection with another computing device, or based on the entered product key not supporting the level of activation desired, the customer must acquire another appropriate product key to install/completely install/use the application on the computing device in the manner desired. Thus, the product key and the product activation service act to ensure that the application is not nefariously or wantonly installed/activated/used on multiple computing devices, such as may be in violation of any software license agreement associated with the software product.
Note that as part of the activation process, the activation service may return a digital version of the license to the computing device on which the application is associated. Such license may be tied to the computing device such that the license is not usable with any other computing device, and may express a level of activation, as well as license terms such as application functions that are to be made available, functions that are to be made non-available, a period of activation or a number of times the application may be executed on the computing device, a maximum number of uses of a particular function of the application, a maximum number of simultaneous uses of a particular function of the application, and the like. In general, such license may express any limitations and/or rights and also may express any policies that should be honored in connection with the execution of the application on the computing device, all as set forth by the distributor of the application or another entity.
With such license, then, a rights client controller with a license evaluator or the like may be employed on the computer along with the distributed application to control operation and use of the application based on an evaluation of whether the license so permits. However, a need exists for an actual method and mechanism by which such rights client with such license evaluator may in fact control operation and use of the application based on the license. In particular, a need exists for such a rights client with such a license evaluator that executes certain portions of code on behalf of and as a proxy for the application, but only if the license evaluator determines that the license allows such execution.
While in one case the portions of code within the application are at least partially randomly chosen, it is to be appreciated that in another case each of at least some of the portions of code represents a function that is to be executed only if the corresponding license so allows. More specifically, the function is to be executed only if the corresponding license so allows based on a logical or mathematical determination. For instance, it may be that the function allows the instantiation of a resource, and the license allows a maximum of X instantiations of the resource. In such an instance, then, a need exists for a method and mechanism by which a secure process can securely maintain a count of the number of instantiations of the resource as state information. More generally, a need exists for a method and mechanism by which the secure process can securely maintain state information regarding data necessary to determine whether a license for an application allows code of the application to be executed.